Logic List Mailing Archive

WOLFASI, subworkshop at LICS '04 (Turku, Finland, July 2004)

Workshop on Logical Foundations of an Adaptive Security Infrastructure
(WOLFASI), a sub-workshop of the Logic in Computer Science (LICS)
Foundations of Computer Security (FCS'04) Workshop.
LICS '04, July 12-13, Turku, Finland

LICS Conference: http://www.dcs.ed.ac.uk/home/als/lics/lics04/
FCS Workshop: http://www.cs.chalmers.se/~andrei/FCS04/
WOLFASI Subworkshop: http://www.aero.org/wolfasi

It was felt that the field of adaptive security is sufficiently
well-defined, sufficiently important, and sufficiently of current interest
to warrant a special session of its own in the framework of FCS. The
Workshop on Logical Foundations of an Adaptive Security Infrastructure
deals with the logical underpinnings of the following scenario:

A distributed computer system operates in a semi-autonomous mode, serving
as a communications network, with nodes that perform control functions
pertaining to the network and to local hardware devices. During a period
of critical operation, the system detects an intrusion attempt in some
nodes, along with a power glitch at other nodes, and an intelligence
report about an increase in a certain type of threat. This information is
analyzed and various responses are executed: dealing with the perceived
intrusion, rerouting network traffic around suspect nodes, adjusting the
power allocation, adjusting the crptographic strength of certain message
authentication functions, etc. This set of executed responses is chosen to
best achieve the desired result, within the confines of the security
policy, as currently re-evaluated, at the appropriate time, and with
currently available resources. This scenario is more general than those
that can currently be handled, but less general than the most general
scenario of "adaptive security" that can be imagined. Currently many
sophisticated capabilities of intrusion detection, data mining,
self-reconfiguring systems, policy management etc. are being developed,
but there is no agreed upon unifying logical view of the general aspects
of such a system. For example, it is not known how to prove (or even
specify) capabilities or deduce rigorously the appropriate responses to
security-relevant inputs. We have included the term "infrastructure" in
the title to indicate that we are interested in approaches to
formalizations of a complete solution, not just individual pieces. Issues
arising from considering how a whole infrastructure for adaptive security
could be specified, designed, and verified will hopefully yield more
directed research areas and questions for the various ASI components (see
below.) Also the word "foundations" is meant to indicate a focus on the
"big picture", issues that are fundamental to the broad general
capabilities that an ASI would perhaps need. The conceptual components of
a general Adaptive Security Infrastructure (ASI) are Detector, Analyzer,
and Responder: the Detector senses, collects, and distributes information
about the security environment; the Analyzer processes Detector data,
along with other information (e.g. security policy, threat levels, or node
trust levels) and occasionally proposes actions to bring about a new
state; the Responder executes the actions as directed by the Analyzer.
These actions could include adjusting preventive mechansisms, adjusting
detector settings, adjusting internal system parameters, etc. The purpose
of this workshop is to try to formalize such a system using methods of
logic in order to answer questions such as: 1. How should the semantics of
a dynamic security policy be specified, one that can deal with potential
future security questions and facilitate proof that a candidate response
is in fact consistent with current policy? 2. How should we take into
account the global-local (or distributed-centralized or hierarchical)
nature of all components of an ASI? 3. How should we specify the
"security-relevant resources" available so that at any time the analyzer
can choose an appropriate response (for example, viewed as an algorithm
written in the system's atomic resources, with their current
capabilities?) 4. How should we unify the temporal-spatial reasoning
aspects? 5. What are the decidability or complexity issues in such a
system? 6. What is the role of "approximate security"? Most verification
tasks are so hard that only approximate security seems feasible. 7. What
is the role of computational Game theory? Many security protocols can be
viewed as a game played by many participants, in which properties of
equilibria are essential. How should such properties be specified and

Submission deadline: April 2, 2004
Notification of acceptance: May 19, 2004
Final papers: June 7, 2004
Workshop: July 12-13, 2004
Send submissions to marcus@aero.org.
Use the same submission guidelines as those for FCS04.

Leo Marcus, Chair WOLFASI
The Aerospace Corporation
Andrei Sabelfeld, Chair FCS04
Chalmers University of Technology and G?teborg University

John Baldwin, UI Chicago
Elisa Bertino, Milan
David Chess, IBM
Grit Denker, SRI
David Evans, U. of Virginia
Wei Fan, IBM
Elena Ferrari, Insubria
Christopher Geib, Honeywell
Joe Halpern, Cornell
Sushil Jajodia, George Mason
Alan Jeffrey, De Paul
Angelos Keromytis, Columbia
Wenke Lee, Georgia Tech
Janos Makowsky, Technion
Tal Malkin, Columbia
Fabio Massacci, Trento
John McLean, Naval Research Laboratory
Stephan Merz, LORIA
Jonathan Millen, SRI
Carlo Montangero, Pisa
Alan Mycroft, Cambridge
Dusko Pavlovic, Kestrel
Paolo Perlasca, Milan
S. Raj Rajagopalan, Telecordia
Peter Reiher, UCLA
Michel de Rougemont, LRI
Vitaly Shmatikov, SRI
Alexander Shnitko, Novosibirsk
Luca Vigano`, ETH
Ron Watro, BBN
Duminda Wijesekera, George Mason